Consistency is the Key to Keeping Your Small Law Firm Secure
Julia Graham, Deputy CEO at AIRMIC
In today’s fast-moving, complex and interconnected world, how do smaller law firms manage all the new and evolving threats – from cybersecurity breaches to online reputational threats? We asked Paul Smith, Risk Management Consultant at Travelers, and Julia Graham, Deputy CEO at AIRMIC, for their views.
It starts with your new clients
Many of the clients that law firms take on are, by definition, involved in conflicts, so how can they minimise the risk? Paul Smith believes this is actually easier for small firms than for larger ones. “You need good systems in place around conflict checking and you also need to ensure that, whenever a new client is taken on, everybody in the organisation is made aware.”
He emphasised the importance of consistency. “It isn’t difficult to carry out due diligence and background checks for issues like anti-money laundering, but you need to make sure you do them every time.”
Critical business data
Data is another area where businesses have to be careful, especially as many of them hold very large amounts of client data. “For criminals, this can be as valuable as money – and it’s a value that can be traded.”
The point is that combating data theft requires more than just regular IT system checks. “Data protection issues are as much about individuals as they are about IT. So, we need to make people aware of the importance of good cyber hygiene, especially regarding hacking, phishing emails and malware installation.”
Julia Graham thinks this is one area where smaller firms are at a disadvantage. “They are very vulnerable because they don’t have the large amounts to invest in data protection and complex IT systems that their bigger rivals can call on. So, finding or developing solutions to protect data should be a priority.”
Process risks
Paul Smith also thinks law firms underestimate the extent to which processes fail and generate claims. It’s a fundamental weakness not restricted to small firms. “These organisations need to realise that they’re in the business of reliably producing a good result. And that depends on having good systems, making sure those systems are checked and that the processes they support are reviewed to ensure they deliver the service that’s required.”
Julia Graham believes that smaller law firms should lean on the experience, tools and techniques that the larger firms have developed. “For small- to medium-sized firms in the legal sector, there are some great standards that people can use which have been developed either with the regulator or larger firms. Solutions such as Lexcel are excellent.”
Conclusions
In an age where information can so easily be accessed and redistributed, law firms – which are very much in the information business – may need to adopt a more defensive posture regarding their systems.
Paul Smith: “Across the whole profession, there’s this focus on having intellectual firepower. You have to realise that it’s taken as a given that you can do your job. The real question today is: can you do it in a way that’s reliable, consistent and safe?”